How Does Spyware Work - Research Paper Example

SPYWARE Spyware Affiliation Table of Contents Table of Contents 2 Introduction 3 Research Background 3 How Does Spyware Work? 3 History of Spyware Programs 4 Types of Spyware 4 Adware Cookies 5 Adware 5 Trojan Horses 5 System Monitors 5 Countermeasures against Spyware 5 Vigilance 6 Alternate Internet Browsers 6 Hosts File and Proxy Automatic Configuration (PAC) File 6 Technological Approaches 7 Industry Self-Regulation 7 Directions for the Future 7 Conclusion 8 References 9 Introduction In the past few years, the computer and information security has turned out to be a serious challenge not only for the organizations but also for the individuals who perform routine tasks over the Internet. In fact, everyday a large number of threats and issues are emerging to make the information security a more complicated task. Though, there are many tools and techniques that can be used to deal with these emerging security threats, but some security threats are so sophisticated that the majority of tools and techniques fail to effectively deal with them. In this scenario, spyware is one of the most crucial security threats that has caused serious challenges for the business organizations and individuals. Basically, spyware consists of a wide variety of programs that an attacker uses to observe a computer users actions, get facts and information regarding the user, and store this data in order that they can use it for conducting illegal activities. The research has shown that the major target of spyware remains the internet community (Ames, 2004). This report presents a detailed analysis of spyware applications. The basic purpose of this research is to present an overview of spyware, its types, its working and some of the countermeasures. Research Background Computer owners are confronting with such a mounting threat that is considered to be the leading one, known as spyware (Reuters, Feb. 9, 2004). Its predominance was evident by the National Cyber Security Alliance who anticipated that it is about 90 percent of PCs with internet connections being affected by spyware. Moreover, a Web Sense Survey in 2004 proposed the spyware problem to be majorly manifested in IT companies (92%, according to the estimation) as claimed by their managers. It is the biggest dilemma that most of the internet users don’t even find about the induction of any spyware application until and unless it has already been installed on their PCs. Spyware is sort of a secreted character that is difficult to find. Although most users have understanding about spyware effects such as PCs being sluggish, strange search outcomes and fronting more pop-up ads but it could be dangerous because of its secret nature. In the late 1990s, software programs were being used much for getting info about the end-users. And in early 2000s, the Dot-com buzz made its usage more rampant. Generally, spyware is such a software that is used to get the information about the customers illegally and convey that info to the third-party while it pretends to be the data sensors. It creates many types of dangers to computer owners, those could be noticeable or obscure (Awad & Fitzgerald, 2005; Poston, Stafford, & Hennington, 2005). How Does Spyware Work? The working of spyware can vary from minor to wild, depending on the user. At the minor level, it can be less harmful for instance, when a user tries to access a well-known web site without using their particulars (such as username and password). In this scenario, the result of this action can appear in the form of minimum risk. At the wild level, a spyware comes with the application software where it turns out to be completely malevolent to computers and users, resulting in serious security risk and exposure. Here a major challenge for the users is that they are unable to control or stop application-based spyware for the reason that this application-spyware is able to get absolute control of the users computer. In this scenario, this application starts immediately whenever the power is supplied to the computer. As compared to the other forms of the spyware techniques, this attack is believed to be more challenging for the reason that these applications can have access to any data and information stored in the computer. In fact, these applications are able to send and receive data from the outside world. In this scenario, these applications do not require the user to share any data or information on the Internet. Additionally, this type of spyware programs initiates a channel in order to receive upgrades from the source, install new functions and features without user’ interaction and knowledge (Ames, 2004; Weiss, 2005; Poston, Stafford, & Hennington, 2005). These applications are widely being developed by the intelligence agencies to achieve their objectives such as for investigations and monitoring. However, the majority of these applications is developed by the hackers for intrusions. In fact, a large number of applications are available in the market which can be purchased by simple users for spying on someone else (Ames, 2004). History of Spyware Programs The history of the spyware can be traced back to 1995, where the initial case of spyware (though the term spyware was not used to demonstrate it) appeared in a Usenet post that created significant entertainment at Microsoft. Afterward this term was used to refer to small cameras same as were used in a James Bond movie. However, this term was formally used by Zone Labs in late 1999 during the launch of their personal firewall. In this release they introduced the initial anti-spyware program. Though, this anti-spyware program was not intentionally released for addressing the spyware threat. However, the release of this program was based on an assumption that “a system has a permanent IP address when it is connected to an always-on connection, as a result, it can be easily targeted by attackers to launch Trojan horses, hackers or supposed spyware threats. So, traditional solutions and products such as firewalls are not effective in intercepting nasty software accidentally hosted by trustworthy users through email or using other ways. In this scenario, once a user is able to accept this unknown nasty applications from the known users, these are installed into the system and make use of the Internet connection for sending and receiving data outside the system. In fact, the majority of hackers adopts this mechanism to steal users’ personal information (McDowell, 2006; Loibl, 2005). Additionally, Elf Bowling is the first well-known freeware application that incorporated the initial integrated spyware. In view of the fact that the idea was new that time and users of this application were unable to understand that this application is sending their data back to the developer of the game “Nsoft”. In addition, no one paid attention to this event until 2001, when the file-sharing client ‘Kazaa’ was released. After the release of Kazaa a large number of users paid attention to this even. As a result, they suspected the creator “Sharman Networks” for installing spyware applications and adware without getting permissions from users. However, Sharman responded to this issue by arguing that “program contained simply advertising software in an attempt to reduce the development cost of the eventual end-user. However, apart from advertising software Kazaa also included various other things such as Cydoor, which is a spyware function used to gather data regarding user’s web usage. In fact, the majority of users were unaware of this fact and they still kept downloading and installing Kazaa. Hence, Kazaa is believed to be the first instance of unsolicited and possibly hazardous application installing together with a valuable program. Moreover, after the three years of this incident computer users and network administrators started realizing about spyware applications (McDowell, 2006; Loibl, 2005). Types of Spyware Normally, a spyware a program comes in many forms, however adware, system monitors, Trojan horses, and adware cookies are the recognized ones. Among these, adware cookies are such types that are majorly seen in approximately 77.8 percent of spyware cases. Some of the major types of spyware are as follows: Adware Cookies When a user goes for a website, there are some files that are swapped among the website and hard drive of the system. Such files hold the data of this interface between user and website known as adware cookies. Basically, cookies are not inherently made for illegal reasons rather these are used for some pure intents like making the log-in process easier for the user, serving the user with accurate data according to his demands and requirements, and tracing the users’ purchases in any online shop carts. Unfortunately, these could also be used for stealing the users’ confidential information that is illegally used in marketing or promotional strategies of companies. Because these can generate a synopsis about users’ online shopping behaviors, his purchasing power, the ways he bids and much more without taking user’s permission (Sipior, Ward, & Roselli, 2005). Adware Adware is another type of spyware that is used for stalking about the shoppers’ online conducts regardless of user’s permission. Such information is used in direct marketing where marketers can properly target their customers’ needs. As it produces a comprehensive summary about each segment’s information, so in this way marketers can make special offerings tailored to their customers’ requirements. Such advertisements can be of any form like web banners, spam e-mail, redirected webpages, pop ups etc. (Sipior, Ward, & Roselli, 2005; Loibl, 2005; Saroiu & Wolman, 2008). Trojan Horses The most odious type of spyware is known as Trojan horses, or RATs (Remote Administration Trojans). It is a nasty form of spyware because it works in a most damaging way. When a user download a corrupt file infected with a Trojan horse, it gets installed itself with that file and takes the whole charge of the PC. It exchanges information with other computer through the internet and operates under this other computer’s instructions. A PC being infected with Trojan can be converted into a spam proxy. Trojan can use Microsoft outlook email because it was a browser that permit pop-up ads’ torrents. It can also be employed for pilfering the information like adware does or for harming the files (Sipior, Ward, & Roselli, 2005; Loibl, 2005; Saroiu & Wolman, 2008). System Monitors Keystroke Loggers or System Monitors are another form of spyware that is also used for information theft. During online banking or online shopping, it can furtively steal information about user interface and send back this data to spyware installer who further share this info with other vendors, marketers, data compilers. Moreover, it can also transfer data while using some software applications such as video games and spreadsheets (Sipior, Ward, & Roselli, 2005; Loibl, 2005). Countermeasures against Spyware There are various means users can carry on as a shield to spyware. The user can be watchful while using the internet and handle the computing sources appropriately. The user can also defend by installing and using unconventional browsers that are not besieged by spyware and by using the PAC (Proxy Automatic Configuration) or Windows Hosts File in a browser that obstruct contact to spyware containing websites (Sipior, Ward, & Roselli, 2005; Loibl, 2005). Vigilance Watchfulness while using the internet can be a useful defensive approach. The user must pay attention to the files being downloaded or the software being installed. The user must have a cautious look on the EULA before installing any software. It is also an ethical responsibility according to the “click wrap” agreement to disclose the file that contains spyware before downloading in the similar way the FTC give warnings before installing any unknown software. Additionally, one must escape from peer to peer linkages because mostly such networks offer downloads hustled with spyware for advertising by marketers who have intents to make some revenues. For dropping such downloads, one must only visit websites which are well-known to him. Moreover, users should not use search helpers, messengers and must use an antivirus program to scan the files before downloading. Web browser software and the whole operating system must be revived that can help in finding patches for fusing the holes, a spyware can manipulate. High security settings must be updated while trying to download and PC must be switched off when not in use (Sipior, Ward, & Roselli, 2005; Loibl, 2005). Alternate Internet Browsers Approximately 95 percent of web surfers use Internet Explorer (IE) by Microsoft, known as to be a standard browser. But the problem with this browser is that malware attack has conceived susceptibilities to internet explorer, so one must have Windows XP Service Pack to resolve these safety related issues. Well, it would be more appropriate to use substitute browsers like Mozilla Firefox that is expert, unrestricted, and more protected than IE because malware authors consider it a minor victim (Sipior, Ward, & Roselli, 2005; Loibl, 2005). Hosts File and Proxy Automatic Configuration (PAC) File Users have two alternatives for avoiding reach to websites containing spyware. These are mostly already existing in PCs and compile a list of websites or webpages that must be restricted. There is a text file kept under the Windows folder known as the Windows Hosts file is such a substitute. Whenever a user types an URL into the browser, then the browser start looking in the Hosts file whether it is written in the list or not. If it is not in the list, the central DNS (Domain Name Services) server started to look up the IP (Internet Protocol) Address that is the numeric identical to the web address and is mandatory to find the website to be presented. But if a domain name is included in the list of the Hosts file, then browser by no means communicate this with DNS. In this scenario, the user can edit the Hosts file in Notepad, making a list of known spyware websites and redirecting them to the local host. As the domain name of unwanted website is directed to the local host thus such websites are successfully obstructed. Other alternative that is used for blocking such websites is a feature residing in the browser that is known as PAC (Proxy Automatic Configuration) file, pioneered by Netscape Navigator 2.0. It is typed in JavaScript and can restrict webpages by picking them independently. JavaScript is verified by browser for every URL/webpage to be shown and restrict the webpage request by redirecting to the local host. It operates like Hosts file, but the difference between these two is that Hosts file can block entire website while PAC files can block individual webpage from a website (Sipior, Ward, & Roselli, 2005; Loibl, 2005). Technological Approaches Anti-spyware software, spyware blockers and firewalls are some high-tech solutions to the spyware threats. Anti-spyware is not used much as anti-virus software. Up till now there is not much effective anti-spyware offering a solid resistance through recognition and clarification regarding the spyware and allowing the used to eliminate. As programmers are upgrading the spyware to make it hard to find just for some striking profits, therefore, there must be two anti-spyware implements so that if one misses something to detect, the other would do. Furthermore, Spyware blockers are also useful tools to identify and restrict the spyware before it is installed and every PC having internet connection must possess its personal firewall (Sipior, Ward, & Roselli, 2005; Loibl, 2005). Industry Self-Regulation Adware providers must be an advocate of the following principles (Sipior, Ward, & Roselli, 2005; Loibl, 2005): 1. There must be stated a clear and visible warning displayed to the user before downloading or EULA must have such warnings. 2. There should be simple actions to uninstall the undesirable applications. 3. Pop-up windows must have a clear brand name to recognize the Ad’s source. 4. Best business practices and laws for applications must be followed for internet business. Rather than legislation, the FTC is now approving the use of self-governing methods. Directions for the Future At the present a large number of security threats are emerging every day. In fact, they will keep growing in the future at a more rapid pace. In this scenario, it will turn out to be a significant responsibility of both technology developers and organizations to determine innovative ways for attaining an acceptable level of security. However, the research has shown that the majority of companies (even spending a large budget on their information systems and IT staff) are not completely equipped to cope with the security issues and challenges caused by security threats. Though, some organizations (such as AOL) have now included malware protection in their regular service plans. In fact, this decision led to considerable positive results. In the same way, educational institutions are providing their students and teaching staff with an easy access to top brand spyware detection and removal tools and anti-virus software. In spite of all the efforts taken by the institutions and organizations, the problem still remains unsolved. In fact, a number of researches suggest that the problems related to malware and spyware will remain open. As a result, threat avoidance, recognition, and remediation solutions and efforts will play an essential role in the future. In this scenario, new students can be prepared by teaching them latest prevention and identification techniques so that they can play significant role in different walks of life. In addition, organizations should conduct training programs and workshops in order to improve the knowledge and expertise of their employees (Schmidt & Arnett, 2005; Payton, 2006). Conclusion In the past few years, a large number of security issues and threats have emerged. Though, organizations and individuals are continuously adopting strict measures to deal with these challenges, however their efforts seem to be less productive against such serious attacks such as spyware programs. Basically, spyware software encompasses a collection of programs which are particularly developed to be installed on a target’s computer for accessing their data and transferring them to the attacker. As a result of this attack, an attacker is able to get access to the target’s computer and get hold of their personal information, which can be misused later on. This report has presented a detailed analysis of spyware programs. This report has shown the working of spyware, its types and some countermeasures that can be adopted to deal with these attacks. People should be careful while accessing the Internet and avoid installing software from unknown vendors. References Ames, W. (2004). Understanding Spyware: Risk and Response. IEEE IT Professional, Volume 6 Issue 5, 25-29. Awad, N. F., & Fitzgerald, K. (2005). The deceptive behaviors that offend us most about spyware. Communications of the ACM, Volume 48 Issue 8, 55-60. Loibl, T. R. (2005). Identity Theft, Spyware and the Law. InfoSecCD 05 Proceedings of the 2nd annual conference on Information security curriculum development (pp. 118-121). Kennesaw, GA, USA: ACM. McDowell, K. (2006). Now that we are all so well-educated about spyware, can we put the bad guys out of business? SIGUCCS 06 Proceedings of the 34th annual ACM SIGUCCS fall conference: expanding the boundaries (pp. 235-239). Edmonton, Alberta, Canada: ACM. Payton, A. M. (2006). A Review of Spyware Campaigns and Strategies to Combat Them. InfoSecCD 06 Proceedings of the 3rd annual conference on Information security curriculum development (pp. 136-141). Kennesaw, GA, USA.: ACM. Poston, R., Stafford, T. F., & Hennington, A. (2005). Spyware: a view from the (online) street. Communications of the ACM, Volume 48 Issue 8, 96-99. Saroiu, S., & Wolman, A. (2008). SpySaver: Using Incentives to Address Spyware. NetEcon 08 Proceedings of the 3rd international workshop on Economics of networked systems (pp. 37-42). Seattle, Washington, USA.: ACM. Schmidt, M. B., & Arnett, K. P. (2005). Spyware: a little knowledge is a wonderful thing. Communications of the ACM, Volume 48 Issue 8, 67-70. Sipior, J. C., Ward, B. T., & Roselli, G. R. (2005). A United States Perspective on the Ethical and Legal Issues of Spyware. ICEC 05 Proceedings of the 7th international conference on Electronic commerce (pp. 738-743). Xi’an, China: ACM. Weiss, A. (2005). Spyware be gone! . netWorker, Volume 9 Issue 1, 18-25. Read More